External Assessment

An External Security Assessment is conducted remotely, targeting systems specified by the Client. This assessment can be performed in two ways:

Vulnerability Assessment - Assessing the network to highlight key vulnerabilities and weak systems that can be abused by an attacker

Goal based testing - This assessment attempts to simulate a real world attack scenario, with the Client being able to carry out a specific scenario. The Client specifies a key system (or systems) and the Consultants attempt to compromise the specified host using a multitude of attack types.

Both assessments aim to highlight vulnerabilities and mis-configurations of systems, privilege escalation, data theft or gain a foothold in the supporting network. The methods used for each assessment will be different, depending on the network, organisation and type of environment, and will take into account client concerns and risk appetite.

Along with assessing the actual technical risk, our consultants use analysis techniques to help your organisation mitigate the issues as quickly as possible. This will help reduce the risk posed to your company and users, reducing the likelihood of reputational damage.

After reporting the issues discovered during the assessment, our consultants are also available for further follow-up calls to clarify certain issues or help your organisation understand the risks posed.

Our service can be fully tailored to the needs of your business, with reporting delivered in your preferred format where possible

Overview

The following high-level areas are included within the assessment:

Host Discovery & Port Scanning

Vulnerability Assessment

Manual Identification and Fingerprinting of services

Privilege escalation

Password Evaluation

Cryptographic Storage Analysis

Exfiltration of data

Assessment Steps

Discovery and enumeration

The hosts are scanned, with exposed services being assessed using a combination of manual and automated techniques. This includes a vulnerability assessment of all exposed hosts and their services.

Analysis and Exploitation

The assessment commences, analysing the findings and attempts made, where safe and permitted, to exploit any vulnerabilities discovered. If access is gained to the internal network, attempts will be made to access key systems on the internal network.

Reporting

The assessment is documented in a simple, easily digestible, format.

About CQrity Limited

CQrity Limited is based in the North of England and specialises in security consultancy, penetration testing and web application assessment services. We strive to provide superior value and are confident that you will enjoy working with our experienced team.